Bank ATMs Face End of Security Support

An estimated 95% of American bank ATMs run on Windows XP, and Microsoft is ending tech support for that operating system on April 8.

That means Microsoft will no longer issue security updates to patch holes in Windows XP, leaving those ATMs exposed to new kinds of cyberattacks.

If banks fail to upgrade their ATMs to a newer version of Windows by April, customers might be at risk, says CNN. If hackers discover new flaws in Windows XP, those bugs will go unaddressed, leaving attackers free to exploit them.

According to a CNN report, major banks are now cutting special deals with Microsoft to extend life support for their Windows XP machines while they replace their fleet of ATMs. "JPMorgan bought a one-year extension of service and plans to start upgrading ATMs to Windows 7 at Chase banks in July. Citibank and Wells Fargo said they're also upgrading ATMs, but they wouldn't provide details about their plans. Bank of America did not respond to requests for comment."

Replacing the operating systems on ATMs is a major undertaking, CNN reports. In the United States, there are 210,500 bank ATMs, about 200,000 of which run on Windows XP, according to Retail Banking Research in London. In most cases, banks must upgrade the software one ATM at a time, and some will need the entire computer inside replaced too. Labor included, it's a process that experts in the ATM industry say could cost anywhere between $1,000 and $3,500 apiece.

One ATM manufacturer, Diebold, says banks are using this opportunity to add newer card readers to their ATMs that accept more secure chip-and-PIN cards. Those cards have already been adopted worldwide but have yet to grow popular in the United States, CNN says.

Banks that retrofit their ATMs with new hardware will, in the future, be able to upgrade their entire fleets of ATMs with a click of a button. Modern technology allows companies to push software updates via their networks instead of paying each ATM a physical visit.

Did you enjoy this article? Click here to subscribe to Security Magazine.

Products

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

Not all employees are saboteurs or malicious actors, but without education, unwitting employees could cause just as much damage as a targeted data theft in the long run. Read how to prevent this in the August 2015 issue of Security. Also read how building stronger relationships with local and national law enforcement can aid in school security awareness and response, learn about the dangers of continuing to use old credit card terminals, and see the ASIS International 2015 product review.